The exact impact of this vulnerability depends on the sensitive data stored in the cookies that the attacker has gained access to. Usually this is session data that keeps a user authenticated to an application. In that case, the attacker is able to impersonate the authenticated user. The ability to impersonate an authenticated user allows the attacker to carry out any actions that are available to that user within the application. That might be enough for the attacker, or they might use that access to leverage additional vulnerabilities for additional privileges.
To prevent this vulnerability, don't store sensitive data in persistent cookies.
Don't store sensitive data in persistent cookies:
To check for adequate protection against this vulnerability, find all code that stores cookies and ensure that sensitive data is not stored in persistent cookies.
Sensitive data is not stored in persistent cookies: